Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Hackers Release Hacking Team Internal Documents After Breach

Attackers have compromised the network of Italian intrusion software vendor Hacking Team and released a large cache of the company’s private documents, including customer invoices that show sales to oppressive governments.

Attackers have compromised the network of Italian intrusion software vendor Hacking Team and released a large cache of the company’s private documents, including customer invoices that show sales to oppressive governments.

The incident came to light Sunday evening when unnamed attackers released a torrent with roughly 400 GB of data purported to be taken from Hacking Team’s network. Among the more potentially damaging documents made public are invoices showing that Hacking Team has sold its intrusion software to government agencies in countries known to have oppressive regimes, including Sudan, Ethiopia, and Egypt.

Hacking Team, based in Milan, Italy, is one of a small but growing number of companies that sell surveillance and intrusion software, products designed to help law enforcement agencies and other customers perform remote penetration and control of target systems. Hacking Team, Gamma Group and the others in this niche have come under intense scrutiny from security researchers, privacy advocates, and human rights activists, who say that the applications are used to target activists, journalists, and others.

Much already is known about the Remote Control System software that Hacking Team sells. Researchers have found samples of the application in a number of places in recent years and complete reverse-engineering analyses of the software have been published. Researchers working with the Citizen Lab at the University of Toronto have published evidence of Hacking Team’s software being used to target Ethiopian journalists, as well as other controversial targets. In an open letter sent to Hacking Team executives in March, Citizen Lab researchers asked why journalists from the Ethiopian Satellite Television Service are being targeted by a user of the company’s software, in apparent violation of Hacking Team’s own customer policy.

“Quite simply put, after all of the prior reporting surrounding the use of RCS against ESAT journalists in December 2013 and its human rights implications, how has it come to pass that RCS is again linked in late 2014 to the same activity? What steps will Hacking Team take to control such apparent misuse of its technology and prevent the continued targeting of ESAT journalists?” the letter says.

The release of Hacking Team’s internal documents, emails, and invoices could have serious effects for the company. But researchers say that they don’t necessarily expect the incident to have major long-term effects on the sale and use of intrusion software.

“Hacking Team is just one player in a big market. I suspect others will continue just fine, and probably Hacking Team itself will resurface in a while,” said Claudio Guarnieri, an independent security researcher who participated in Citizen Lab’s work on Hacking Team’s software.

“An investigation on the hack has most certainly already started, which I hope won’t be used as an instrument to pressure those who have been vocal about the company’s actions in the past. Rather, I hope that at least now the European Union, United Nations and Italian authorities will be bound to take action and conduct a proper investigation into the legitimacy of that business and the serious human rights concerns we always had, and that are now undeniable.”

Hacking Team officials have not released any official public statements about the attack yet.

As researchers and others have begun to look through the documents, they have found a number of significant things, aside from the invoices. Among the discoveries is the fact that Hacking Team has a legitimate Apple iOS developer certificate that expires next year. Another researcher found a handful of files that listed the VPS (virtual private server) servers used by Hacking Team, and published a list of the IP addresses for the servers.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.